Senators Push to Curb NSA's FISA Authorities

Amid growing concerns about loose oversight and insufficient transparency associated with the government's electronic surveillance operations, lawmakers on Thursday plan to introduce legislation that would rein in the authorities of the secret court operating under the Foreign Intelligence Surveillance Act (FISA).

At a Judiciary Committee hearing on Wednesday, Sens. Richard Blumenthal (D-Conn.) and Al Franken (D-Minn.) announced plans to back bills that would bring proceedings at the FISA court more in line with those at conventional judicial courts, and roll back some of the secrecy provisions to shed more light on judges' rulings and the extent to which phone and Internet companies are sharing information about their customers' communications.

Franken, citing the "lack of transparency around these programs," seemed to react with skepticism to the testimony of intelligence officials who insisted that they are eager to engage in the debate over the privacy implications of the National Security Agency's surveillance of phone records and digital communications.

"I don't want a situation where the government is transparent only when it's convenient for the government," Franken says. "When it's ad hoc transparency, that doesn't engender trust, I don't think."

Earlier on Wednesday morning, the director of national intelligence released a set of previously classified documents involving the NSA's bulk collection of telephone metadata, including the primary order, partially redacted, issued by the FISA court authorizing the program.

Deputy Attorney General James Cole defended the program before the committee, noting that the data that is being collected is abstracted to avoid personal identifiers like the contents of calls or the location of cell sites, and that within the intelligence community, access to the database is extremely limited.

"Nobody is listening to anyone's conversation through this program, and nobody could," Cole says.

At the same time, he allowed that the intelligence community is "constantly seeking to achieve the right balance between the protection of national security and the protection of privacy and civil liberties," but insisted that "the 11 judges on the FISA court are far from a rubber stamp."

The members of the judiciary panel generally acknowledged that government intelligence operations warrant an inherent level of secrecy, but several senators argued that the FISA proceedings need a stronger measure of transparency and accountability. Franken said that the legislation he plans to introduce would require disclosures about the number of Americans who have had their information collected and reviewed by intelligence authorities.

Additionally, he will press for provisions to relax the gag orders that bar companies from publicizing the extent of the information they share with the government under FISA orders. Some tech companies, most notably Google and Microsoft, have been seeking authorizations to make more detailed FISA disclosures associated with the NSA's PRISM program, in part to counter the notion that the government has been able to open a back door to obtain unlimited data from their corporate servers.

Blumenthal is planning to bring forward legislation that would revamp the proceedings at the FISA court, introducing a security-cleared attorney to push back against the government's requests for new data-collection authorizations. The idea, he explains, is to make the FISA court arguments more adversarial, bringing them in line with the norms of regular judicial proceedings.

"The basic idea is that judges are accustomed to hearing two sides of an argument," Blumenthal says.

The new legislation follows a bipartisan bill recently introduced by Judiciary Chairman Patrick Leahy (D-Vt.) that would provide for more oversight and narrow the authorities the NSA and FBI operate under in their data-collection and surveillance activities. Leahy, who will sign on as a cosponsor of Franken's bill, expressed concern at the lack of candor about the programs from some members of the intelligence community, including James Clapper, the director of national intelligence, who in testimony before the Judiciary Committee in March said that the NSA does not intentionally collect wholesale information on hundreds of millions of Americans. Three months later, former NSA contractor Edward Snowden's revelations about the NSA's phone-data and PRISM programs came to light.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.